Illinois “Geolocation Privacy Protection Act” Passes Both Houses, Headed to Governor’s Desk

Reed Abrahamson, D. Reed Freeman, Jr.
WilmerHale
Contact
LinkedIn
Facebook
X
Send
Embed

On Tuesday, June 27, the Illinois legislature passed HB 3449, the “Geolocation Privacy Protection Act.” If signed by Governor Bruce Rauner (R), the bill would prohibit a “private entity” from collecting, using, storing or disclosing “geolocation information from a location-based application on a person’s device” unless the entity has first obtained that person’s “affirmative express consent.” As amended, the bill does not contain a private right of action. Instead, violations of the bill may be pursued by the Attorney General or a State’s Attorney under Illinois’s Consumer Fraud and Deceptive Business Act. Before filing a suit, however, the Attorney General or State’s Attorney must provide the business with a 15-day right to cure. 

The bill defines “geolocation information” as information (other than the “contents of a communication”) that is “generated by or derived from” the operation of a “mobile device” (a category that includes smart phones, tablets, and laptops) and that is “sufficient to determine or infer the precise location of that device.” IP addresses are specifically exempted from the definition of “geolocation information.” The bill does not further define “precise location.” 

Under the bill, entities collecting geolocation information must provide individuals with: (1) a “clear, prominent, and accurate notice” explaining that geolocation information will be collected, used, or disclosed; (2) the specific purposes for which the individual’s geolocation information will be collected, used, or disclosed; and (3) “a hyperlink or comparably accessible means to access the information” required by the law. The company must also obtain the individuals’ “affirmative express consent” (an undefined term) to the activities described in the notice. A limited number of uses are exempted from this notice and consent requirement, including allowing parents and guardians to locate minor children or legally incapacitated persons, providing emergency services (i.e., fire, police, ambulance, etc.), or “providing storage, security, or authentication services.” A number of regulated entities are also exempt from the bill, including covered entities under HIPAA, internet and telecommunications providers, financial institutions regulated by the GLBA, private detectives, public utilities, and political campaigns. 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© WilmerHale | Attorney Advertising

Written by:

WilmerHale
WilmerHale
Contact
more
less

WilmerHale on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide